high advisory

OpenClaw Improper Access Control Vulnerability (CVE-2026-45006)

OpenClaw before 2026.4.23 contains an improper access control vulnerability (CVE-2026-45006) in the gateway tool's config.apply and config.patch operations, allowing compromised models to write unsafe configuration changes and persist malicious config modifications by bypassing an incomplete denylist.

OpenClaw, a tool used for managing and automating complex systems, is vulnerable to an improper access control issue. Specifically, versions before 2026.4.23 of the OpenClaw gateway tool are susceptible to CVE-2026-45006. The vulnerability resides in the config.apply and config.patch operations, where an incomplete denylist protection can be bypassed. A compromised model, potentially due to a separate vulnerability or misconfiguration, can exploit this flaw to inject unsafe configuration changes. This bypass can allow attackers to persist malicious configuration modifications that impact critical system functions such as command execution, network behavior, credential management, and operator policies. Critically, these modifications survive restarts, indicating a persistent foothold within the affected environment. Defenders should prioritize patching OpenClaw installations to version 2026.4.23 or later to mitigate this risk.

Attack Chain

  1. Initial compromise of an OpenClaw model via an existing vulnerability or compromised credentials.
  2. The attacker uses the compromised model to interact with the OpenClaw gateway tool.
  3. The attacker crafts malicious configuration changes designed to compromise system functionality.
  4. The attacker uses the config.apply or config.patch operation to apply the crafted configuration changes.
  5. The incomplete denylist protection is bypassed, allowing the malicious changes to be written.
  6. The malicious configuration changes are persisted to the system.
  7. The attacker exploits the modified configuration to execute arbitrary commands or modify network behavior.
  8. The attacker achieves persistence, maintaining access even after system restarts, by leveraging the maliciously configured settings.

Impact

Successful exploitation of CVE-2026-45006 allows attackers to persistently modify critical system configurations within OpenClaw environments. This can lead to unauthorized command execution, manipulation of network settings, credential theft or modification, and alteration of operator policies. The vulnerability could impact organizations relying on OpenClaw for managing and automating their infrastructure, potentially leading to significant operational disruptions and security breaches. The ability to persist malicious configurations even after restarts increases the severity and potential long-term impact of a successful attack.

Recommendation

  • Upgrade OpenClaw to version 2026.4.23 or later to patch CVE-2026-45006 (see references).
  • Implement strict access controls and monitoring on OpenClaw models to prevent unauthorized modification of configurations.
  • Regularly review OpenClaw configurations for any unexpected or malicious changes to command execution paths, network settings, or credential stores.
  • Deploy the Sigma rule Detect OpenClaw Config Apply Patch to identify attempts to exploit this vulnerability by monitoring for calls to the config.apply or config.patch operations.
  • Monitor OpenClaw logs for any unauthorized configuration changes related to command execution, network behavior, or credential management.

Detection coverage (1)

Detect OpenClaw Config Apply Patch

high

Detects CVE-2026-45006 exploitation: monitors for calls to the config.apply or config.patch operations in the OpenClaw gateway tool, which may indicate attempts to exploit the improper access control vulnerability.

Rule format: sigma | Tactics: persistence | Techniques: T1547.001 | Sources: webserver
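The rule above and the monitoring recommendations both come down to the same check: find config.apply / config.patch calls in gateway logs, and treat those issued by a model identity as the high-priority case. The script below is an added example, not the vendor's Sigma rule or OpenClaw code; the JSON log shape, the "operation" / "actor" / "ts" field names and the sample lines are constructed for illustration, while the fixed version 2026.4.23 is taken from the advisory.

```python
"""Triage OpenClaw gateway logs for config.apply / config.patch writes.

Added example (not the advisory's Sigma rule or OpenClaw code).
Assumed log format: one JSON object per line with "ts", "actor" and
"operation" fields; actors are prefixed "model:" or "operator:".
"""
import json
from typing import Iterable, List, Tuple

FIXED_VERSION = (2026, 4, 23)                   # first unaffected release (advisory)
WATCHED_OPS = {"config.apply", "config.patch"}  # operations named in the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted 'YYYY.M.D' version string into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str) -> bool:
    """True when the running OpenClaw build predates the fixed release."""
    return parse_version(version) < FIXED_VERSION


def find_config_writes(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (ts, actor, operation, priority) for each watched operation.

    A write issued by a model identity is the scenario the advisory
    describes, so it is tagged "high"; operator writes are tagged
    "review". Malformed lines are skipped so one bad record cannot
    stall a sweep over a large log.
    """
    hits = []
    for raw in lines:
        try:
            event = json.loads(raw)
        except ValueError:
            continue
        op = event.get("operation")
        if op not in WATCHED_OPS:
            continue
        actor = str(event.get("actor", ""))
        priority = "high" if actor.startswith("model:") else "review"
        hits.append((event.get("ts", ""), actor, op, priority))
    return hits


# Constructed sample log lines (not real OpenClaw output).
SAMPLE_LOG = [
    '{"ts": "2026-04-20T10:00:01Z", "actor": "model:assistant", "operation": "config.get"}',
    '{"ts": "2026-04-20T10:00:02Z", "actor": "model:assistant", "operation": "config.patch"}',
    "not json at all",
    '{"ts": "2026-04-20T10:00:03Z", "actor": "operator:alice", "operation": "config.apply"}',
]

if __name__ == "__main__":
    for hit in find_config_writes(SAMPLE_LOG):
        print("config write:", hit)
    print("2026.4.22 affected:", is_affected("2026.4.22"))
```

Run against a real gateway log only after adjusting the field names to whatever your deployment actually emits; the version check gives a quick way to confirm whether a host still needs the upgrade.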
